To avoid a Q-Day apocalypse, the National Institute of Standards and Technology (NIST) is overseeing the development of a new set of public key cryptographic algorithms that will take quantum computers an impractical length of time to crack. While this initiative, known as post-quantum cryptography (PQC), is making good progress, standardization and mass deployment is expected to take years. Who gets to the finish line first — sufficiently powerful encryption-breaking quantum computers or universal PQC deployment — is the subject of yet another unnerving debate. 

Irrespective of this, the time to act is already here. Of increasing concern are so-called store-now-decrypt-later (SNDL) attacks; if malicious actors with adequate resources can intercept and store sensitive data flowing in today’s networks, then that data can be harvested on Q-day. 

Making networks quantum safe today

Luckily, there are already ways to make networks quantum safe today. According to multiple authorities — including the NSA, NIST, ETSI and ANSI — symmetric encryption algorithms like AES coupled with highly randomized and large 256 bit keys are quantum safe. 

These symmetric encryption algorithms can be used to introduce quantum safe encryption of traffic flows between routers or optical switches, safeguarding all data well in advance of Q-day. The symmetric keys can be distributed using quantum-safe encryption over traditional IP and optical links, or via quantum key distribution (QKD) mechanisms.  

The rise of the botnet DDoS attack

Where quantum computers use massive compute to supercharge political or corporate espionage, legions of hijacked IoT devices can be combined in one botnet to unleash massive attacks on networks and the critical industries that depend on them. It isn’t that botnets are a new problem, it’s that they are now the problem responsible for the majority of Distributed Denial-of-Service (DDoS) volume. 

Why? IoT proliferation is one reason — billions are now expected to roam the internet. Weak security is another. Many IoT devices currently run porous versions of Linux or out-of-date firmware, making them easy targets for hijacking. Add to this the trend towards high-speed symmetric consumer internet plans, and security leaders have just placed an order of magnitude of more DDoS bandwidth at the hands of attackers. All this glut has forced a collapse of botnet DDoS service prices to a mere fraction of what they were just a few years ago. They’ve become the tool of choice for everyone from extortion gangs to political activists, and even to nation-state actors in geopolitical conflicts.

How do security leaders thwart a botnet DDoS attack?

How do security leaders distinguish between hundreds of thousands of attacking IoT devices and valid traffic? How do they stop or limit just them, without impacting valid users and their service experience? This calls for special intelligence on IoT devices and their network supply chains. It requires the ability to quickly set up and tear down hundreds of thousands of IP filters — all without impacting network performance. 

Despite the darkening threat landscape, protection against this full-court press on network security — from powerful quantum computers to the smallest IoT devices — is out there. Service providers just need to ask the right questions to ensure the requisite capabilities are an integral part of their new or upgraded network builds.